Annotation of wikisrc/users/mbalmer/keylock.mdwn, revision 1.4

[[!meta title="A Keylock Security Model for kauth(9)"]]

Recently, generic support for electro-mechanical multi-position keylocks
has been added to the NetBSD kernel. Such locks can be turned to
various positions, usually up to three or four. They come with
a set of keys that differ in that not all positions can be
reached with all keys (which key can go up to which position is called
the "locking program"). With the new keylock support, such locks can be
used to tinker with the kernel security, much like the traditional
securelevel variable...

The number of keylock positions, the current keylock position, and the
overall keylock state can be read within the kernel using a set of
functions defined in
[keylock.h](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.h?rev=HEAD),
and userland can access them through the <b>hw.keylock</b> sysctl hierarchy.

The following components have been added:

* <b>{{manual page|gpiolock|4|}}</b>, a driver for GPIO attached keylocks.
  The driver registers with the in-kernel keylock "subsystem". See
  [gpiolock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/gpio/gpiolock.c?rev=HEAD).
* <b>secmodel_keylock</b>, a {{manual page|kauth|9}} security model that
  authorizes based on the keylock "closedness". Whether the rightmost
  (default) or leftmost position of the keylock means open can be
  controlled using the <b>hw.keylock.order</b> sysctl variable. This
  variable can only be changed if the keylock state is OPEN. See
  [secmodel_keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/secmodel/keylock/secmodel_keylock.c?rev=HEAD).

The security model is started when a keylock driver registers and
stopped when there is no more keylock driver. The keylock security
model is optional; keylock support can be used without the security
model as well (e.g. to provide keylock state to userland applications,
which is useful e.g. for POS applications).

The keylock state interpretation is done in
[keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.c?rev=HEAD)
and not in the driver itself. This
allows for adding support for multiple keylocks in the future. The
hw.keylock.pos and hw.keylock.npos sysctl variables are of a debugging
nature; the hw.keylock.state variable reflects the state and should
be used.

Currently, the keylock positions are interpreted as follows: There are
at most four positions: OPEN, SEMIOPEN, SEMICLOSE, CLOSE. What exactly
that means leaves room for interpretation right now... (experience will
show what makes sense in the end).
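
A small userland model of the rules described above, added here as an illustration and not taken from keylock.c or secmodel_keylock.c: the order setting selects which end of the lock means open, and the order may only be changed while the state is OPEN. The `kl_*` names, the mapping of intermediate positions, the fail-closed handling of implausible readings and the `EPERM` return are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>

/* Example-only names; these are not the identifiers used in keylock.h. */
enum kl_state { KL_OPEN, KL_SEMIOPEN, KL_SEMICLOSE, KL_CLOSE };

struct keylock {
    int npos;   /* number of positions, 2..4 */
    int pos;    /* current position: 1 = leftmost, npos = rightmost */
    int order;  /* 0: rightmost means open (default); 1: leftmost means open */
};

/* Interpret the physical position as a state, honouring the order setting. */
enum kl_state kl_get_state(const struct keylock *kl)
{
    int steps;  /* distance from the position that means open */

    /* Assumption: an implausible reading is treated as CLOSE (fail closed). */
    if (kl->npos < 2 || kl->npos > 4 || kl->pos < 1 || kl->pos > kl->npos)
        return KL_CLOSE;
    steps = kl->order ? kl->pos - 1 : kl->npos - kl->pos;
    if (steps == 0)
        return KL_OPEN;
    if (steps == kl->npos - 1)
        return KL_CLOSE;
    /* Assumption: intermediate positions run SEMIOPEN, then SEMICLOSE. */
    return steps == 1 ? KL_SEMIOPEN : KL_SEMICLOSE;
}

/* Model of writing hw.keylock.order: refused unless the state is OPEN. */
int kl_set_order(struct keylock *kl, int new_order)
{
    if (kl_get_state(kl) != KL_OPEN)
        return EPERM;
    kl->order = new_order ? 1 : 0;
    return 0;
}

int main(void)
{
    struct keylock kl = { 4, 4, 0 };    /* constructed: key fully right */

    printf("state=%d\n", kl_get_state(&kl));           /* rightmost is open */
    printf("flip order: %d\n", kl_set_order(&kl, 1));  /* allowed while open */
    printf("state=%d\n", kl_get_state(&kl));           /* same position, now closed */
    printf("flip back: %d\n", kl_set_order(&kl, 0));   /* refused until key is turned */
    return 0;
}
```

In this model, flipping the order while the key sits in the open position makes that same position read CLOSE, so the order cannot be flipped back until the key is turned to the other end.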

To enable the keylock support, the keylock security model, and the
{{manual page|gpiolock|4|}} driver, add the following lines to your
kernel configuration file:

    options KEYLOCK
    options secmodel_keylock
    gpiolock* at gpio?

Of course you must have at least one GPIO device in your system for the
{{manual page|gpiolock|4|}} driver to work and the lock must be
connected properly.

<b>Please keep in mind that this is an experimental feature...</b>